Cybersecurity

UK to establish cyber and electromagnetic command to enhance warfare capabilities

The United Kingdom has announced plans to establish a new military formation, the Cyber and Electromagnetic Command, aimed at strengthening its digital and electronic warfare capabilities. The new command will fall under Strategic Command, which already oversees the Ministry of Defence’s offensive and defensive cyber operations and works in coordination with the National Cyber Force.

According to the Ministry of Defence, the formation will be responsible for leading defensive cyber operations, coordinating offensive cyber capabilities, and integrating electromagnetic warfare expertise across the Armed Forces. Rather than creating entirely new capabilities, the command will reorganise existing structures to improve coordination and operational effectiveness.

The announcement comes ahead of the government’s Strategic Defence Review, due to be published on 2 June. The review will set out priorities for defence spending and assess the threats facing the UK, the capabilities required to address them, the condition of the Armed Forces, and the resources available. It is expected to highlight the growing impact of daily cyber attacks on national security and the economy.

To support the new command, the Ministry has introduced an accelerated recruitment route for cyber specialists. This new pathway, announced in February, shortens basic training from ten weeks to four, followed by a three-month programme focused on military cyber skills.

Recruitment and retention remain a key challenge. General Sir Jim Hockenhull, Commander of Strategic Command, previously noted that the competition for digital talent is particularly intense, stating that the UK is currently at a disadvantage in this area. Lieutenant General Tom Copinger-Symes, Deputy Commander of Strategic Command, also highlighted the skills shortage as a more immediate concern than funding.

The review describes the Cyber and Electromagnetic Command as a formation that will consolidate expertise in electromagnetic operations, such as degrading command and control systems, jamming signals to drones or missiles, and intercepting adversary communications. The intention is to ensure these capabilities are available at the right time and place to support integrated military operations.

Hockenhull has also pointed out that the UK’s focus on operations in Iraq and Afghanistan over the past two decades led to a reduced emphasis on electromagnetic capabilities, except in limited areas. He noted that the conflict in Ukraine has demonstrated the importance of integrating cyber and electromagnetic tools with conventional military operations.

In 2024, both Ukraine and Russia have announced plans to establish a new branch within the country’s armed forces specialising in drone warfare and the use of unmanned aerial vehicles (UAVs).

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Japan to develop new cybersecurity strategy and measures

The Japanese government is preparing to develop a new cybersecurity strategy within the year, aiming to address growing digital threats targeting both public institutions and private enterprises. As part of the forthcoming strategy, the government plans to transition its internal communications systems from public-key cryptography to post-quantum cryptography, which is considered more resilient against potential cyberattacks enabled by quantum computing technologies.

In a recent development, Defence Minister Gen Nakatani met with Lithuanian Defence Minister Dovile Šakalienė in Tokyo, where both sides agreed to strengthen bilateral cooperation on cybersecurity. A Japanese Ministry of Defence expert will be sent to Lithuania in June to engage with local specialists, who are recognised for their expertise in managing persistent cyber threats, particularly those attributed to Russian state-linked actors.

The agreement follows an earlier announcement that Japan intends to expand its pool of specialist cybersecurity personnel from the current 24,000 to at least 50,000 by 2030. The target was introduced in response to a Ministry of Economy, Trade and Industry (METI) panel recommendation that the country needs approximately 110,000 skilled cybersecurity professionals to meet growing demand.

Under new regulatory measures due to take effect in 2026, the government will also begin inspecting the cybersecurity practices of private companies. Firms failing to meet the established standards may risk losing access to state subsidies.

Earlier this year, the parliament passed a new law enabling active cyberdefence measures, allowing authorities to legally monitor communications data during peacetime and neutralise foreign servers if cyberattacks occur.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

How AI could quietly sabotage critical software

When Google’s Jules AI agent added a new feature to a live codebase in under ten minutes, it initially seemed like a breakthrough. But the same capabilities that allow AI tools to scan, modify, and deploy code rapidly also introduce new, troubling possibilities—particularly in the hands of malicious actors.

Experts are now voicing concern over the risks posed by hostile agents deploying AI tools with coding capabilities. If weaponised by rogue states or cybercriminals, the tools could be used to quietly embed harmful code into public or private repositories, potentially affecting millions of lines of critical software.

Even a single unnoticed line among hundreds of thousands could trigger back doors, logic bombs, or data leaks. The risk lies in how AI can slip past human vigilance.

From modifying update mechanisms to exfiltrating sensitive data or weakening cryptographic routines, the threat is both technical and psychological.

Developers must catch every mistake; an AI only needs to succeed once. As such tools become more advanced and publicly available, the conversation around safeguards, oversight, and secure-by-design principles is becoming urgent.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Thailand to block unlicensed crypto exchanges

Thailand’s Securities and Exchange Commission (SEC) will block access to five major cryptocurrency exchanges on 28 June for operating without a licence. Bybit, 1000X, CoinEx, OKX, and XT.COM offered trading services to Thai users without authorisation, leading to legal action.

The SEC aims to protect investors and prevent money laundering.

New anti-cybercrime laws passed in April give authorities broad powers to shut down suspicious websites quickly. The Royal Decree lets the Ministry of Digital Economy and Society target unlicensed platforms.

Enforcement has since intensified against offshore crypto operators.

Thailand is also adopting blockchain for public finance. The Ministry of Finance launched G-Token, a blockchain-based investment token for government bonds.

G-Tokens cannot be used as currency, maintaining a clear line from volatile cryptocurrencies. Regulators have imposed stricter customer checks and faster suspension of suspicious accounts, while extending liability to banks, telecoms, and social media firms.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU says US tech firms censor more

Far more online content is removed under US tech firms’ terms and conditions than under the EU’s Digital Services Act (DSA), according to Tech Commissioner Henna Virkkunen.

Her comments respond to criticism from American tech leaders, including Elon Musk, who have labelled the DSA a threat to free speech.

In an interview with Euractiv, Virkkunen said recent data show that 99% of content removals in the EU between September 2023 and April 2024 were carried out by platforms like Meta and X based on their own rules, not due to EU regulation.

Only 1% of cases involved ‘trusted flaggers’ — vetted organisations that report illegal content to national authorities. Just 0.001% of those reports led to an actual takedown decision by authorities, she added.

The DSA’s transparency rules made those figures available. ‘Often in the US, platforms have more strict rules with content,’ Virkkunen noted.

She gave examples such as discussions about euthanasia and nude artworks, which are often removed under US platform policies but remain online under European guidelines.

Virkkunen recently met with US tech CEOs and lawmakers, including Republican Congressman Jim Jordan, a prominent critic of the DSA and the DMA.

She said the data helped clarify how EU rules actually work. ‘It is important always to underline that the DSA only applies in the European territory,’ she said.

While pushing back against American criticism, Virkkunen avoided direct attacks on individuals like Elon Musk or Mark Zuckerberg. She suggested platform resistance reflects business models and service design choices.

Asked about delays in final decisions under the DSA — including open cases against Meta and X — Virkkunen stressed the need for a strong legal basis before enforcement.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Chinese state-linked hackers use Google Calendar to steal data

In a report published this week, analysts at Google have uncovered a campaign in which a China-linked group known as APT41 targeted government ministries and other organisations.

Victims received spearphishing emails directing them to a ZIP file hosted on a compromised official website. Inside, a PDF and some insect images were designed to tempt users into clicking.

Opening the PDF quietly installed a programme called ToughProgress, which runs entirely in a device’s memory to evade antivirus checks. Once active, the malware stole sensitive files and prepared them for exfiltration.

Google Calendar became the hackers’ secret communication channel. An event dated 30 May 2023 carried encrypted data stolen from victims in its description.

Further entries in July contained new instructions. ToughProgress regularly checked the attacker-controlled calendar, decrypted any commands and uploaded its results back as new calendar events.

APT41 is one of China’s most active state-linked cyber groups. US authorities charged five members in 2020 with over a hundred intrusions worldwide and issued arrest warrants for operatives including Zhang Haoran and Tan Dailin.

Earlier investigations tie the group to long-running breaches of Southeast Asian government agencies and a Taiwanese research institute working on strategic technology.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK bolsters digital defences with new Cyber Command after Ukraine lessons

The UK’s Ministry of Defence (MoD) will establish a Cyber and Electromagnetic Command to unify defensive cyber operations and coordinate offensive capabilities alongside the National Cyber Force.

However, this move follows recommendations in the upcoming strategic defence review, due on 2 June 2025, which will define the UK’s force structure and investment priorities.

The rapid sharing of intelligence across ships, aircraft, tanks and personnel is a core aim of the new formation. Defence Secretary John Healey has stressed that future conflicts ‘will be won through forces that are better connected, better equipped and innovating faster than their adversaries.’

However, a major concern is the lack of digital expertise, as Strategic Command chief Gen. Sir Jim Hockenhull warned: ‘the first battle of the next war is the battle for talent.’ To tackle this shortfall, the MoD has launched an accelerated recruitment pipeline, reducing basic training from ten weeks to just four, followed by three months of specialised cyber instruction.

Insights from Russia’s campaign in Ukraine have underlined the importance of electromagnetic capabilities such as jamming drones, intercepting communications and degrading enemy command and control.

Strategic Command chief Sir Jim Hockenhull warned that siloed cyber efforts must be fully integrated into operational planning to seize the advantage in modern warfare.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

China blamed of cyberattack on Czech Republic government networks

Prague has formally accused China of launching a malicious cyber campaign against its Foreign Affairs ministry’s unclassified communications network. Beijing’s embassy in Prague dismissed the allegations and urged an end to what it called ‘microphone diplomacy.’

Investigators trace the operation back to the Czech Republic’s 2022 EU presidency, attributing it to APT31, a group allegedly operating under China’s Ministry of State Security. After detecting the intrusion, officials rolled out a more secure communications platform in 2024.

Foreign Minister Jan Lipavský summoned China’s ambassador to stress the severity of the breach, which targeted emails and other documents related to Asia. The government condemned the incident as an attack on its critical infrastructure.

International partners have rallied behind Prague. NATO and the EU have condemned the attack and the US Bureau of Cyberspace and Digital Policy has called on China to meet its international cybersecurity commitments.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

IHS Nigeria and NSCDC partner to secure telecom infrastructure

IHS Nigeria and the Nigeria Security and Civil Defence Corps (NSCDC) have partnered to enhance the protection of critical telecommunications infrastructure across Nigeria.

The partnership is grounded in national policies that classify telecommunications assets, such as towers and fibre optic networks, as critical national information infrastructure, requiring legal protection and proactive security enforcement.

By addressing issues such as theft, vandalism, and sabotage, the partnership aims to strengthen the reliability and security of telecom services that millions of Nigerians rely on daily.

The NSCDC will provide critical support to IHS Nigeria in essential operational areas including site surveillance, emergency response, incident reporting, and tower decommissioning.

Additionally, the Corps will take an active role in investigating, apprehending, and prosecuting those who violate laws protecting telecommunications infrastructure.

Commenting on the partnership, IHS Nigeria CEO highlighted the importance of working closely with law enforcement to create a safer environment for operations and improve service quality.

He described the initiative as a major step toward enhancing the resilience and availability of connectivity in Nigeria. Similarly, NSCDC Commandant underscored the Corps’ responsibility to protect national infrastructure and described IHS Nigeria as a strategic partner in achieving that mission.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

DeepSeek updates its R1 AI model

Chinese AI startup DeepSeek has rolled out an updated version of its R1 reasoning model on the popular developer platform Hugging Face. The release was quietly announced via a WeChat post and marks a continuation of DeepSeek’s effort to challenge leading players in the AI field, including US-based OpenAI.

The new R1 model is a minor update, released under the permissive MIT license, allowing commercial use. However, the Hugging Face repository only includes the model’s configuration files and internal weights, with no public documentation describing the model’s capabilities.

https://twitter.com/deepseek_ai/status/1881318130334814301

These ‘weights’ — the parameters that determine how an AI model behaves — total a massive 685 billion, making the model too large to run on standard consumer hardware without special adaptations. DeepSeek gained attention earlier this year when the original R1 demonstrated competitive performance against leading models from OpenAI.

That advancement hasn’t gone unnoticed by international observers; US regulators have expressed concern over the potential national security risks posed by DeepSeek’s technologies. Despite the controversy, the company continues to make bold moves on the global AI stage.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!